On Arch snaps show broken after switch from snapd to snapd-git


#1

Related to this thread I understand this issue is fixed in 2.29.

I have just experienced this again, but on Manjaro (Arch).

I switched from the outdated snapd package to snapd-git, which gives me snap 2.30.

[alan@manjarovm ~]$ snap version
snap     2.30dev+171219+g5f5180e-1
snapd    2.30dev+171219+g5f5180e-1
series   16
manjaro  
kernel   4.9.74-2-MANJARO

Now all my snaps show up as broken.

[alan@manjarovm ~]$ snap list
Name       Version   Rev   Developer  Notes
brave                13    brave      broken
chromium             128   canonical  broken
core                 3748  canonical  broken
firefox              x2               broken
nextcloud            4371  nextcloud  broken
node-red             56    dcj        broken

I also note that after the switch to snapd-git, my /snap directory is not mounted.

I thought about destroying everything and starting again. So I removed all snaps, removed snapd-git and rebooted. Reinstalled snapd-git and installed one snap. Now that snap won’t run.

[alan@manjarovm ~]$ sudo snap install brave
2017-12-18T13:59:43Z INFO Waiting for restart...
brave v0.19.123dev from 'brave' installed
[alan@manjarovm ~]$ snap list
Name   Version       Rev   Developer  Notes
brave  v0.19.123dev  13    brave      -
core   16-2.30       3748  canonical  core
[alan@manjarovm ~]$ snap run brave
cannot perform operation: mount --rbind /dev /tmp/snap.rootfs_gwR9tX//dev: No such file or directory
[alan@manjarovm ~]$ snap version
snap     2.30dev+171219+g5f5180e-1
snapd    2.30dev+171219+g5f5180e-1
series   16
manjaro  
kernel   4.9.74-2-MANJARO

What do I do now?


#2

Interesting. I’ll try to reproduce it on Arch with snapd from community (while it’s still there).


#3

Can you try SNAPD_DEBUG=1 SNAP_DEBUG_CONFINE=1 snap run brave and post the log?


#4
[alan@manjarovm ~]$ snap run brave
2018/01/05 13:17:10.270917 cmd.go:70: DEBUG: re-exec not supported on distro "manjaro" yet
DEBUG: security tag: snap.brave.brave
DEBUG: executable:   /usr/lib/snapd/snap-exec
DEBUG: confinement:  non-classic
DEBUG: base snap:    core
DEBUG: ruid: 1000, euid: 0, suid: 0
DEBUG: rgid: 1000, egid: 0, sgid: 0
DEBUG: checking if the current process shares mount namespace with the init process
DEBUG: re-associating is not required
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/.lock
DEBUG: sanity timeout initialized and set for three seconds
DEBUG: acquiring exclusive lock (scope (global))
DEBUG: sanity timeout reset and disabled
DEBUG: ensuring that snap mount directory is shared
DEBUG: unsharing snap namespace directory
DEBUG: creating namespace group directory /run/snapd/ns
DEBUG: namespace group directory does not require intialization
DEBUG: releasing lock (scope: (global))
DEBUG: creating lock directory /run/snapd/lock (if missing)
DEBUG: opening lock directory /run/snapd/lock
DEBUG: opening lock file: /run/snapd/lock/brave.lock
DEBUG: sanity timeout initialized and set for three seconds
DEBUG: acquiring exclusive lock (scope brave)
DEBUG: sanity timeout reset and disabled
DEBUG: initializing mount namespace: brave
DEBUG: opening namespace group directory /run/snapd/ns
DEBUG: initializing new namespace group brave
DEBUG: forking support process for mount namespace capture
DEBUG: forked support process has pid 1617
DEBUG: unsharing the mount namespace
DEBUG: snap-update-ns executable: /usr/lib/snapd/snap-update-ns
DEBUG: opened snap-update-ns executable as file descriptor 5
DEBUG: scratch directory for constructing namespace: /tmp/snap.rootfs_9VEzkm
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
DEBUG: performing operation: (disabled) use debug build to see details
cannot perform operation: (disabled) use debug build to see details: No such file or directory
DEBUG: forked support process has pid 0
DEBUG: changing apparmor hat of the support process for mount namespace capture
DEBUG: ensuring that parent process is still alive
DEBUG: waiting for a eventfd data from the parent process to continue
DEBUG: sanity timeout initialized and set for three seconds

#5

Was hoping to see some additional info. Instead found a small bug in snap-confine instead. Fixing it here: https://github.com/snapcore/snapd/pull/4449

Still don’t know what’s the root cause though.


#6

Managed to get this:

[manjaro@manjaro ~]$ snap list
Name         Version  Rev   Developer  Notes
core                  3748  canonical  broken
hello-world           27    canonical  broken

There’s something fishy going on in Manjaro. Note that snapd-git is not the same as AUR snapd-git. It’s actually a package in the community repo

IMO this may be related to snap and community snapd-git not doing a proper cleanup on uninstallation. This has been addressed in AUR snapd-git (and AUR snapd as of today).

@philm do you think we could get the package updated? Should I open a PR?


#7

@mborzecki: a PR would be just fine.


#8

Where should we file a bug to track this work?


#9